2019
Authors
Sousa, PR; Resende, JS; Martins, R; Antunes, L;
Publication
AD-HOC, MOBILE, AND WIRELESS NETWORKS (ADHOC-NOW 2019)
Abstract
The growth of the Internet of Things (IoT) is raising significant impact in several contexts, e.g., in cities, at home, and even attached to the human body. This digital transformation is happening at a high pace and causing a great impact in our daily lives, namely in our attempt to make cities smarter in an attempt to increase their efficiency while reducing costs and increasing safety. However, this effort is being supported by the massive deployment of sensors throughout cities worldwide, leading to increase concerns regarding security and privacy. While some of these issues have already been tackled, device authentication remains without a viable solution, specially when considering a resilient decentralized approach that is the most suitable for this scenario, as it avoids some issues related to centralization, e.g., censorship and data leakage or profit from corporations. The provisioning is usually an arduous task that encompasses device configuration, including identity and key provisioning. Given the potential large number of devices, this process must be scalable and semi-autonomous, at least. This work presents a novel approach for provisioning IoT devices that adopts an architecture where other device acts as a manager that represents a CA, allowing it to be switched on/off during the provisioning phase to reduce single point of failure (SPOF) problems. Our solution combines One Time Password (OTP) on a secure token and cryptographic algorithms on a hybrid authentication system.
2019
Authors
Resende, JS; Martins, R; Antunes, L;
Publication
ENTROPY
Abstract
Security and privacy concerns are challenging the way users interact with devices. The number of devices connected to a home or enterprise network increases every day. Nowadays, the security of information systems is relevant as user information is constantly being shared and moving in the cloud; however, there are still many problems such as, unsecured web interfaces, weak authentication, insecure networks, lack of encryption, among others, that make services insecure. The software implementations that are currently deployed in companies should have updates and control, as cybersecurity threats increasingly appearing over time. There is already some research towards solutions and methods to predict new attacks or classify variants of previous known attacks, such as (algorithmic) information theory. This survey combines all relevant applications of this topic (also known as Kolmogorov Complexity) in the security and privacy domains. The use of Kolmogorov-based approaches is resource-focused without the need for specific knowledge of the topic under analysis. We have defined a taxonomy with already existing work to classify their different application areas and open up new research questions.
2019
Authors
Novais, P; Jung, JJ; Villarrubia, G; Fernández Caballero, A; Navarro, E; González, P; Carneiro, D; Pinto, A; Campbell, AT; Duraes, D;
Publication
Advances in Intelligent Systems and Computing
Abstract
2019
Authors
Novais, P; Jung, JJ; González, GV; Caballero, AF; Navarro, E; González, P; Carneiro, D; Pinto, A; Campbell, AT; Durães, D;
Publication
ISAmI
Abstract
2019
Authors
de Sousa, HR; Pinto, A;
Publication
Blockchain and Applications - International Congress, BLOCKCHAIN 2019, Avila, Spain, 26-28 June, 2019.
Abstract
Digital economy relies on global data exchange flows. On May 25th 2018 the GDPR came into force, representing a shift in data protection legislation by tightening data protection rules. This paper introduces an innovative solution that aims to diminish the burden resulting from new regulatory demands on all stakeholders. The presented solution allows the data controller to collect the consent, of a European citizen, in accordance to the GDPR and persist proof of said consent on public a blockchain. On the other hand, the data subject will be able to express his consent conveniently through his smartphone and evaluate the data controller’s performance. The regulator’s role was also contemplated, meaning that he can leverage certain system capabilities specifically designed to gauge the status of the relationships between data subjects and data controllers. © Springer Nature Switzerland AG 2020.
2019
Authors
Harrison, WK; Beard, E; Dye, S; Holmes, E; Nelson, K; Gomes, MAC; Vilela, JP;
Publication
ENTROPY
Abstract
In this work, we consider the pros and cons of using various layers of keyless coding to achieve secure and reliable communication over the Gaussian wiretap channel. We define a new approach to information theoretic security, called practical secrecy and the secrecy benefit, to be used over real-world channels and finite blocklength instantiations of coding layers, and use this new approach to show the fundamental reliability and security implications of several coding mechanisms that have traditionally been used for physical-layer security. We perform a systematic/structured analysis of the effect of error-control coding, scrambling, interleaving, and coset coding, as coding layers of a secrecy system. Using this new approach, scrambling and interleaving are shown to be of no effect in increasing information theoretic security, even when measuring the effect at the output of the eavesdropper's decoder. Error control coding is shown to present a trade-off between secrecy and reliability that is dictated by the chosen code and the signal-to-noise ratios at the legitimate and eavesdropping receivers. Finally, the benefits of secrecy coding are highlighted, and it is shown how one can shape the secrecy benefit according to system specifications using combinations of different layers of coding to achieve both reliable and secure throughput.
The access to the final selection minute is only available to applicants.
Please check the confirmation e-mail of your application to obtain the access code.